firefox: 79.0 -> 80.0, firefox-esr-78: 78.1.0esr -> 78.2.0esr, firefox-esr-68: 68.11.0esr -> 68.12.0esr

[stigtsp]

Motivation for this change

Security and bug fixes

firefox: 79.0 -> 80.0
https://www.mozilla.org/en-US/firefox/80.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2020-36/

firefox-esr-78: 78.1.0esr -> 78.2.0esr
https://www.mozilla.org/en-US/firefox/78.2.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2020-38/

firefox-esr-68: 68.11.0esr -> 68.12.0esr
https://www.mozilla.org/en-US/firefox/68.12.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2020-37/

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[stigtsp]

Local build and testing is underway. Hm, not enough ram to build 80.0

[ajs124]

The 80.0 build failed for me, when I did these bumps, which is why I didn't open a PR. Haven't gotten around to debugging it yet, though.

[vcunat]

/build/firefox-80.0/obj-x86_64-pc-linux-gnu/dist/include/mozilla/dom/IOUtils.h:17:10: fatal error: nspr/prio.h: No such file or directory
   17 | #include "nspr/prio.h"
      |          ^~~~~~~~~~~~~
compilation terminated.

We have ${nspr.dev}/include/prio.h... actually I don't understand why nspr is using so "ambiguous" include paths like <prio.h> directly.

[vcunat]

Well... probably nothing important, as with the following patch it built fine:

--- a/pkgs/development/libraries/nspr/default.nix
+++ b/pkgs/development/libraries/nspr/default.nix
@@ -37,6 +37,7 @@ stdenv.mkDerivation {
   postInstall = ''
     find $out -name "*.a" -delete
     moveToOutput share "$dev" # just aclocal
+    ln -s . "$dev/include/nspr"
   '';
 
   buildInputs = [] ++ stdenv.lib.optionals stdenv.isDarwin [ CoreServices ];

[stigtsp]

Well... probably nothing important, as with the following patch it built fine:

Thx!

[Kloenk]

Will build and then test firefox. Should we add nspr to the title? So this pr is easier to find if something breaks?

[stigtsp]

The change to nspr will trigger a mass rebuild, this should be avoided imho. I'm not very familiar with building firefox, so any help is welcome. :)

Currently looking into:

• disabling --with-system-nspr
• patching in an other path to the nspr includes

[Kloenk]

Why does this occurs? Is it a packaging problem in nspr? Should it be fixed either way?

[vcunat]

500--1000... isn't really a large rebuild. That's way smaller than the usual FF updates where we had to bump nss. But certainly, if you find a nice way of avoiding it, I won't mind. My patch was a quick hack anyway; I don't understand why the problem started.

[ajs124]

There already is a nspr and nss bump in staging right now, through #96185

That's probably unrelated to what we're seeing here, but just so everyone is aware in case it is related.

[Kloenk]

So maybe somehow include the nspr fix in staging? (Would be greate if FF 80 got into 20.09.

Firefox build on my side, and everything seems working.

[vcunat]

Firefox has always been backported so far, so I expect it will make it in any case. EDIT: current staging most likely won't make it to 20.09, BTW.

[Kloenk]

Firefox has always been backported so far, so I expect it will make it in any case. EDIT: current staging most likely won't make it to 20.09, BTW.

That's why I mentioned that i would like FF in 20.09. I'm currently trying to build it with the old nspr, and like 4 lines fixed in firefox.
But even my biggest machine takes some time building Firefox. So maybe I can report success tomorrow

[Kloenk]

Oh, I just noticed those errors, but it can be that they are from my config, which is kinda broken. This errors occur when right clicking an tab, trying to open it in another container (with the mozzilla container addon)

console.warn: LoginRecipes: "getRecipes: falling back to a synchronous message for:" "https://github.com"
JavaScript error: resource://gre/modules/TelemetrySession.jsm, line 1166: Error: TelemetryStopwatch: finishing nonexisting stopwatch. Histogram: "FOG_EVAL_WINDOW_RAISED_S", key: ""
Gdk-Message: 20:16:16.192: Unable to load hand2 from the cursor theme
JavaScript error: resource://gre/modules/ExtensionChild.jsm, line 813: DataCloneError: The object could not be cloned.
JavaScript error: , line 0: AbortError: The operation was aborted.
Gdk-Message: 20:17:01.923: Unable to load hand2 from the cursor theme
Gdk-Message: 20:17:03.838: Unable to load hand2 from the cursor theme
Gdk-Message: 20:17:22.635: Unable to load hand2 from the cursor theme
Gdk-Message: 20:17:23.412: Unable to load split_h from the cursor theme
Gdk-Message: 20:17:23.412: Unable to load sb_h_double_arrow from the cursor theme
Gdk-Message: 20:17:23.429: Unable to load hand2 from the cursor theme
Gdk-Message: 20:17:23.495: Unable to load hand2 from the cursor theme
JavaScript error: resource://gre/modules/ExtensionChild.jsm, line 813: DataCloneError: The object could not be cloned.
JavaScript error: , line 0: AbortError: The operation was aborted.

[Kloenk]

Exactly tested your last commit (just build it my self). That firefox works for me, and also the error is not there anymore.
So looks good to me now

[stigtsp]

Did a substituteInPlace on IOUtils.{h,cpp}, this seems to work and avoids having to patch nspr. Rebuilding, and testing.

 postPatch = ''
    rm -rf obj-x86_64-pc-linux-gnu
  '' + lib.optionalString (lib.versionAtLeast ffversion "80") ''
    substituteInPlace dom/system/IOUtils.h \
      --replace '#include "nspr/prio.h"'          '#include "prio.h"'

    substituteInPlace dom/system/IOUtils.cpp \
      --replace '#include "nspr/prio.h"'          '#include "prio.h"' \
      --replace '#include "nspr/private/pprio.h"' '#include "private/pprio.h"' \
      --replace '#include "nspr/prtypes.h"'       '#include "prtypes.h"'
  '';

[vcunat]

I expect it will be OK as usual. I used each for at least a few minutes. I can't see anything risky for us in announcements.

[Kloenk]

Anyone tested the Firefox esr updates?

[stigtsp]

Anyone tested the Firefox esr updates?

Did a very quick test of firefox-esr-68, firefox-esr-78 and firefox. All seem OK.

[ghost]

This needs a backport to 20.03, is anyone interested in preparing the PR and doing basic testing?

[vcunat]

I can certainly do the builds and a few minutes of usage.

[Kloenk]

I can certainly do the builds and a few minutes of usage.

Should I help building/testing? I also have a buildfarm

[vcunat]

Done. Anyone can still continue testing and commenting, though in case of 20.03 the update is likely to hit channels soon (today), contrary to nixos-unstable that's blocked ATM.