Bug 598453: New version of JEP (0.9.7.4), please land on branches
Status: RESOLVED FIXED (opened 14 years ago, closed 14 years ago)
Categories: Core Graveyard :: Plug-ins, defect
Tracking: status1.9.2 .11-fixed, status1.9.1 .14-fixed
People: Reporter: smichaud, Assigned: smichaud
Details: Keywords: fixed1.9.0.20, Whiteboard: [sg:high]
Attachments: 1 file (1010 bytes, text/plain). Flags: jaas: review+; christian: approval1.9.2.11+, approval1.9.1.14+, approval1.9.0.next+
JEP 0.9.7.4 fixes (or works around) a major security hole (see bug
589041), and also fixes two other bugs (which are major annoyances for
certain classes of users).
Because I don't want to reveal too much about the security bug before
it's been fixed in all current Mozilla releases, I haven't yet
formally released JEP 0.9.7.4 (I haven't yet uploaded it to
http://javaplugin.sourceforge.net/). That's also why I've marked this
bug security sensitive.
I've already emailed copies of the JEP 0.9.7.4 distro to Dan Veditz
and Christian Legnitto. I can also email copies to others who wish to
test it (its size is about 4MB).
JEP 0.9.7.4 needs to be landed on the current branches (1.9.2 and
1.9.1) soon -- before the 1.9.2.11 and 1.9.1.14 branch code freeze
(currently scheduled for 2010-09-28). It should probably also be
landed on the 1.9.0 branch (as JEP 0.9.7.3 was), so Camino can pick it
up (Smokey may have more to say about this).
Those who want to try the new version right away will need to install
it "over" the older versions currently bundled with Mozilla.org
browsers. I recommend doing the following. Note that these
instructions have changed from what I used to recommend. This is
because Apple made changes in their most recent Java Updates (on OS X
10.5.X and 10.6.X) that cause the previous instructions to no longer
work properly.
For each of the browser binaries you wish to update:
1) Control-click (or right-click) on the browser binary and choose
"Show Package Contents".
2) Browse to the Contents/MacOS/plugins folder and delete
JavaEmbeddingPlugin.bundle and MRJPlugin.plugin.
3) Drag copies of the new Java Embedding Plugin binaries to the
Contents/MacOS/plugins folder.
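The three steps above as a shell function for one browser bundle; this is an added example, not part of the original report. The function name `replace_jep` and the layout of the source folder (both new bundles at its top level) are assumptions.

```shell
#!/bin/sh
# Added example: swap the bundled Java Embedding Plugin inside one browser .app.
# Usage (paths are hypothetical): sh replace_jep.sh /Applications/Browser.app ~/new-jep
JEP_ITEMS="JavaEmbeddingPlugin.bundle MRJPlugin.plugin"

replace_jep() {
    app=$1   # browser application bundle
    src=$2   # folder holding the new JEP binaries (assumed layout)
    plugins="$app/Contents/MacOS/plugins"

    [ -d "$plugins" ] || { echo "no plugins folder in $app" >&2; return 2; }

    # Check that both new bundles exist before deleting anything, so a
    # failed run never leaves the browser with only half of the pair.
    for item in $JEP_ITEMS; do
        [ -d "$src/$item" ] || { echo "missing $src/$item" >&2; return 3; }
    done

    for item in $JEP_ITEMS; do
        # Step 2: delete the old copy. Copying onto an existing bundle
        # would nest or merge directories and keep stale files around.
        rm -rf "$plugins/$item"
        # Step 3: copy the new bundle into place.
        cp -R "$src/$item" "$plugins/$item" || return 4
    done
    return 0
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    replace_jep "$1" "$2"
fi
```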
Assignee
Comment 1 • 14 years ago
Attachment #477289 - Flags: review?(joshmoz)
Steven, can you mail me a copy, too (at this address), so I can take it for a spin in Camino?
As Steven mentioned, we will want this on 1.9.0 for our next Camino release (we'd like to have our RC built by end-of-month, but we're still blocked on a couple of our own bugs, so the final timeline is still a bit murky). Assuming the new JEP lands simultaneously on 1.9.1 and 1.9.2, it would be great if it could land on 1.9.0 with them.
Attachment #477289 - Flags: review?(joshmoz) → review+
Assignee
Updated • 14 years ago
Attachment #477289 - Flags: approval1.9.2.11?
Attachment #477289 - Flags: approval1.9.1.14?
Attachment #477289 - Flags: approval1.9.0.next?
Assignee
Updated • 14 years ago
Blocks: CVE-2010-3775
Attachment #477289 - Flags: approval1.9.2.11? → approval1.9.2.11+
Attachment #477289 - Flags: approval1.9.1.14? → approval1.9.1.14+
Attachment #477289 - Flags: approval1.9.0.next? → approval1.9.0.next+
Assignee
Comment 4 • 14 years ago
Landed on the 1.9.2 branch:
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/06dbab839a94
Assignee
Comment 5 • 14 years ago
Landed on the 1.9.1 branch:
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/68d3084c0bcb
Assignee
Comment 6 • 14 years ago
Landed on the 1.9.0 branch:
Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Info.plist;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Info.plist,v <-- Info.plist
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/MacOS/JavaEmbeddingPlugin;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/MacOS/JavaEmbeddingPlugin,v <-- JavaEmbeddingPlugin
new revision: 1.24; previous revision: 1.23
done
Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/English.lproj/InfoPlist.strings;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/English.lproj/InfoPlist.strings,v <-- InfoPlist.strings
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/Java/JavaEmbeddingPlugin.jar;
/cvsroot/mozilla/plugin/oji/JEP/JavaEmbeddingPlugin.bundle/Contents/Resources/Java/JavaEmbeddingPlugin.jar,v <-- JavaEmbeddingPlugin.jar
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Info.plist;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Info.plist,v <-- Info.plist
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin,v <-- MRJPlugin
new revision: 1.24; previous revision: 1.23
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin.jar;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/MacOS/MRJPlugin.jar,v <-- MRJPlugin.jar
new revision: 1.23; previous revision: 1.22
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/MRJPlugin.rsrc;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/MRJPlugin.rsrc,v <-- MRJPlugin.rsrc
new revision: 1.19; previous revision: 1.18
done
Checking in plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/English.lproj/InfoPlist.strings;
/cvsroot/mozilla/plugin/oji/JEP/MRJPlugin.plugin/Contents/Resources/English.lproj/InfoPlist.strings,v <-- InfoPlist.strings
new revision: 1.23; previous revision: 1.22
done
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 7 • 14 years ago
Since this bug is not _in_ the JEP but is about landing code in Gecko, I'm changing the product so I can set the branch status flags appropriately
Assignee: smichaud → blackconnect
Component: Java (Java Embedding Plugin) → Java-Implemented Plugins
Product: Plugins → Core
QA Contact: jep-java → blackconnect
Updated • 14 years ago
(In reply to comment #7)
> Since this bug is not _in_ the JEP but is about landing code in Gecko, I'm
> changing the product so I can set the branch status flags appropriately
You join the list of people wanting bug 584632 to actually get fixed ;)
Assignee: blackconnect → smichaud
Component: Java-Implemented Plugins → Plug-ins
QA Contact: blackconnect → plugins
Updated • 14 years ago
Whiteboard: [sg:high]
Comment 9 • 14 years ago
I'm wondering if this bug needs an advisory for the 1.9.2.11 and 1.9.1.14 releases. I'm also unclear why it's marked sg:high when it blocks a sg:critical bug.
Depends on: 607678
Unfortunately, this seems to have broken popular game sites Yahoo! Games and pogo.com, which are apparently not the kinds of Java applets/sites that any of us test against :( See bug 607678.
Depends on: 606737
Updated • 14 years ago
Group: core-security
Assignee
Comment 11 • 14 years ago
Now that this bug is no longer marked security-sensitive, I'll formally release JEP 0.9.7.4 pretty soon -- possibly this weekend.
Updated • 2 years ago
Product: Core → Core Graveyard