Closed Bug 598453 Opened 14 years ago Closed 14 years ago

New version of JEP (0.9.7.4), please land on branches

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(status1.9.2 .11-fixed, status1.9.1 .14-fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
status1.9.2 --- .11-fixed
status1.9.1 --- .14-fixed

People

(Reporter: smichaud, Assigned: smichaud)

References

Details

(Keywords: fixed1.9.0.20, Whiteboard: [sg:high])

Attachments

(1 file)

Change log for JEP 0.9.7.4
1010 bytes, text/plain
jaas
: review+
christian
: approval1.9.2.11+
christian
: approval1.9.1.14+
christian
: approval1.9.0.next+
Details
JEP 0.9.7.4 fixes (or works around) a major security hole (see bug 589041), and also fixes two other bugs (which are major annoyances for certain classes of users). Because I don't want to reveal too much about the security bug before it's been fixed in all current Mozilla releases, I haven't yet formally released JEP 0.9.7.4 (I haven't yet uploaded it to http://javaplugin.sourceforge.net/). That's also why I've marked this bug security sensitive. I've already emailed copies of the JEP 0.9.7.4 distro to Dan Veditz and Christian Legnitto. I can also email copies to others who wish to test it (its size is about 4MB). JEP 0.9.7.4 needs to be landed on the current branches (1.9.2 and 1.9.1) soon -- before the 1.9.2.11 and 1.9.1.14 branch code freeze (currently scheduled for 2010-09-28). It should probably also be landed on the 1.9.0 branch (as JEP 0.9.7.3 was), so Camino can pick it up (Smokey may have more to say about this). Those who want to try the new version right away will need to install it "over" the older versions currently bundled with Mozilla.org browsers. I recommend doing the following. Note that these instructions have changed from what I used to recommend. This is because Apple made changes in their most recent Java Updates (on OS X 10.5.X and 10.6.X) that cause the previous instructions to no longer work properly. For each of the browser binaries you wish to update: 1) Control-click (or right-click) on the browser binary and choose "Show Package Contents". 2) Browse to the Contents/MacOS/plugins folder and delete JavaEmbeddingPlugin.bundle and MRJPlugin.plugin. 3) Drag copies of the new Java Embedding Plugin binaries to the Contents/MacOS/plugins folder.
Attachment #477289 - Flags: review?(joshmoz)
Steven, can you mail me a copy, too (at this address), so I can take it for a spin in Camino? As Steven mentioned, we will want this on 1.9.0 for our next Camino release (we'd like to have our RC built by end-of-month, but we're still blocked on a couple of our own bugs, so the final timeline is still a bit murky). Assuming the new JEP lands simultaneously on 1.9.1 and 1.9.2, it would be great if it could land on 1.9.0 with them.
Attachment #477289 - Flags: review?(joshmoz) → review+
Attachment #477289 - Flags: approval1.9.2.11?
Attachment #477289 - Flags: approval1.9.1.14?
Attachment #477289 - Flags: approval1.9.0.next?
Attachment #477289 - Flags: approval1.9.2.11?
Attachment #477289 - Flags: approval1.9.2.11+
Attachment #477289 - Flags: approval1.9.1.14?
Attachment #477289 - Flags: approval1.9.1.14+
Attachment #477289 - Flags: approval1.9.0.next? → approval1.9.0.next+
Approved for the branches.
Landed on the 1.9.0 branch: Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Info.plist; /cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Info.plist,v <-- Info.plist new revision: 1.23; previous revision: 1.22 done Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/MacOS/JavaEmbeddingPlugin; /cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/MacOS/JavaEmbeddingPlugin,v <-- JavaEmbeddingPlugin new revision: 1.24; previous revision: 1.23 done Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/English.lproj/InfoPlist.strings; /cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/English.lproj/InfoPlist.strings,v <-- InfoPlist.strings new revision: 1.23; previous revision: 1.22 done Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/Java/JavaEmbeddingPlugin.jar; /cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/Java/JavaEmbeddingPlugin.jar,v <-- JavaEmbeddingPlugin.jar new revision: 1.23; previous revision: 1.22 done Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Info.plist; /cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Info.plist,v <-- Info.plist new revision: 1.23; previous revision: 1.22 done Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin; /cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin,v <-- MRJPlugin new revision: 1.24; previous revision: 1.23 done Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin.jar; /cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin.jar,v <-- MRJPlugin.jar new revision: 1.23; previous revision: 1.22 done Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/MRJPlugin.rsrc; /cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/MRJPlugin.rsrc,v <-- MRJPlugin.rsrc new revision: 1.19; previous revision: 1.18 done Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/English.lproj/InfoPlist.strings; /cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/English.lproj/InfoPlist.strings,v <-- InfoPlist.strings new revision: 1.23; previous revision: 1.22 done
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Since this bug is not _in_ the JEP but is about landing code in Gecko, I'm changing the product so I can set the branch status flags appropriately
Assignee: smichaud → blackconnect
Component: Java (Java Embedding Plugin) → Java-Implemented Plugins
Product: Plugins → Core
QA Contact: jep-java → blackconnect
(In reply to comment #7) > Since this bug is not _in_ the JEP but is about landing code in Gecko, I'm > changing the product so I can set the branch status flags appropriately You join the list of people wanting bug 584632 to actually get fixed ;)
Assignee: blackconnect → smichaud
Component: Java-Implemented Plugins → Plug-ins
QA Contact: blackconnect → plugins
Whiteboard: [sg:high]
I'm wondering if this bug needs an advisory for the 1.9.2.11 and 1.9.1.14 releases. I'm also unclear why it's marked sg:high when it blocks a sg:critical bug.
Unfortunately, this seems to have broken popular game sites Yahoo! Games and pogo.com, which are apparently not the kinds of Java applets/sites that any of us test against :( See bug 607678.
Group: core-security
Now that this bug is no longer marked security-sensitive, I'll formally release JEP 0.9.7.4 pretty soon -- possibly this weekend.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: