firefox: 72.0.3 -> 73.0 #79786

Merged
merged 7 commits into from Feb 12, 2020


@andir andir commented Feb 11, 2020

Motivation for this change

Update to latest Firefox release.

The NSS update is a huge rebuild in here thus this should only go in if it has serious security fixes or #79784 has gone through the staging cycle.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
@ofborg ofborg bot added the 6.topic: nixos label Feb 11, 2020
@ofborg ofborg bot requested review from edolstra and jtojnar Feb 11, 2020
@veprbl veprbl added this to WIP in Staging via automation Feb 11, 2020
@veprbl veprbl removed this from WIP in Staging Feb 11, 2020
@FRidh FRidh added this to WIP in Staging via automation Feb 11, 2020
…rsion

Also adds this to the release jobset.
@andir andir force-pushed the andir:firefox73 branch from b5d44fb to 7a625e7 Feb 11, 2020

@tokudan tokudan commented Feb 11, 2020

The security advisories list several high issues: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/
"This could have caused memory corruption and a potentially exploitable crash."
"Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

@andir andir merged commit 5a00198 into NixOS:master Feb 12, 2020
16 checks passed
nss, rust-cbindgen on x86_64-darwin Failure
Evaluation Performance Report Evaluator Performance Report
grahamcofborg-eval ^.^!
grahamcofborg-eval-check-maintainers matching changed paths to changed attrs...
grahamcofborg-eval-check-meta config.nix: checkMeta = true
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
grahamcofborg-eval-package-list nix-env -qa --json --file .
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
nss, rust-cbindgen on aarch64-linux Success
nss, rust-cbindgen on x86_64-linux Success
Staging automation moved this from WIP to Done Feb 12, 2020
@andir andir mentioned this pull request Feb 12, 2020
3 of 10 tasks complete

@vcunat vcunat commented Feb 12, 2020

This broke for me:

building '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv'...
unpacking sources
unpacking source archive /nix/store/gdb2p0a6hzsfha5ldmzqq132dvq5ipxs-source
source root is source
patching sources
installing
    Updating crates.io index
error: failed to sync

Caused by:
  failed to load pkg lockfile

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  invalid version 3 on git_proxy_options; class=Invalid (3)
Traceback (most recent call last):
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 42, in <module>
    main()
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 17, in main
    assert list(data.keys()) == ["source"]
AssertionError
builder for '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed with exit code 1
error: build of '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed

@andir andir commented Feb 12, 2020

This broke for me:

building '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv'...
unpacking sources
unpacking source archive /nix/store/gdb2p0a6hzsfha5ldmzqq132dvq5ipxs-source
source root is source
patching sources
installing
    Updating crates.io index
error: failed to sync

Caused by:
  failed to load pkg lockfile

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  invalid version 3 on git_proxy_options; class=Invalid (3)
Traceback (most recent call last):
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 42, in <module>
    main()
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 17, in main
    assert list(data.keys()) == ["source"]
AssertionError
builder for '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed with exit code 1
error: build of '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed

Yeah, look at #79930, I had that path still cached locally from before the last staging merge thus not realizing this until it hit master :/

dtzWill added a commit to dtzWill/nixpkgs that referenced this pull request Feb 12, 2020
firefox: 72.0.3 -> 73.0
(cherry picked from commit 5a00198)
@andir andir mentioned this pull request Feb 17, 2020
2 of 10 tasks complete

@nixos-discourse nixos-discourse commented Feb 18, 2020

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/firefox-not-up-to-date/5941/2

vcunat added a commit that referenced this pull request Feb 22, 2020
It was added in PR #79786 (7a625e7) and then removed in commit 2de3caf
(apparently unintentionally as a rebase conflict).

_I think the ordering used by Eelco would sort the line this way._