Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

firefox 75.0 -> 76.0 #86788

Merged
merged 6 commits into from
May 7, 2020
Merged

firefox 75.0 -> 76.0 #86788

merged 6 commits into from
May 7, 2020

Conversation

andir
Copy link
Member

@andir andir commented May 4, 2020

This is the upcoming Firefox 76 update. It is due for tomorrow.

The prelimiary changelog can be seen over at mozillas release notes repo.

Usually these updates also fix a few security issues with varying
severity.

While ofBorg will classify this is a mass-rebuild the Firefox bump
itself isn't. The NSS change included in this PR has been submitted (and
merged) to staging and should be included in the next staging iteration.

I kept the NSS change to make it easier to review this PR and to merge
it into master if the fixed security issues are severe enough to warrant
it.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@andir andir changed the title ###### Motivation for this change firefox 75.0 -> 76.0 May 4, 2020
@ofborg ofborg bot requested a review from edolstra May 4, 2020 15:26
This was referenced May 4, 2020
Merged
Merged
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/firefox-not-up-to-date/5941/11

@mweinelt
Copy link
Member

mweinelt commented May 4, 2020

Built firefox-wayland and it's up and running writing this comment.

Thanks!

@vcunat vcunat added the 1.severity: security Issues which raise a security issue, or PRs that fix one label May 5, 2020
@vcunat
Copy link
Member

vcunat commented May 5, 2020
edited
Loading

It's not surprising that there are multiple "critical" vulnerabilities fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/

EDIT: link to beautiful version of release notes, for completeness: https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

@drewrisinger
Copy link
Contributor

@andir is there a reason you merged #86806 & #86811 before this?

@vcunat
Copy link
Member

vcunat commented May 5, 2020

Because of the rebuilds, I suppose. Even the current staging-next doesn't have that nss version yet.

@andir
Copy link
Member Author

andir commented May 5, 2020

@andir is there a reason you merged #86806 & #86811 before this?

Yeah, @vcunat is right. The other two have less rebuilds since they are already using dedicated NSS packages. There is no reason to delay the stable branches because of master needing more rebuilds/time.

vcunat pushed a commit that referenced this pull request May 6, 2020
@andir @vcunat
firefox-esr-68: 68.7.0esr -> 68.8.0esr
5bac4f0 
Discussion: #86788
vcunat pushed a commit that referenced this pull request May 6, 2020
@andir @vcunat
firefox-bin: 75.0 -> 76.0
5040192 
Discussion: #86788
@vcunat
Copy link
Member

vcunat commented May 6, 2020

I think just the firefox attribute needs the updated NSS. For now I briefly tried the most important ones atop master (-bin and -esr) and pushed them.

@vcunat vcunat merged commit a2d5351 into NixOS:master May 7, 2020
dtzWill pushed a commit to dtzWill/nixpkgs that referenced this pull request May 11, 2020
@vcunat @dtzWill
Merge NixOS#86788: firefox 75.0 -> 76.0 (critical security)
a6fd326 
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
Some of the changes were in master already, but whatever...

(cherry picked from commit a2d5351)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mweinelt mweinelt mweinelt approved these changes

@edolstra edolstra Awaiting requested review from edolstra

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 11.by: package-maintainer This PR was created by the maintainer of the package it changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@andir @nixos-discourse @mweinelt @vcunat @drewrisinger