Overview
Request 477955 superseded
- reenable ALSA support which was removed by default upstream
- update to Firefox 52.0 (boo#1028391)
* requires NSS >= 3.28.3
* Pages containing insecure password fields now display a warning
directly within username and password fields.
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight,
Java, Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by
trackers
* MFSA 2017-05
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
(bmo#1334933)
CVE-2017-5401: Memory Corruption when handling ErrorResult
(bmo#1328861)
CVE-2017-5402: Use-after-free working with events in FontFace
objects (bmo#1334876)
CVE-2017-5403: Use-after-free using addRange to add range to an
incorrect root object (bmo#1340186)
CVE-2017-5404: Use-after-free working with ranges in selections
(bmo#1340138)
CVE-2017-5406: Segmentation fault in Skia with canvas operations
(bmo#1306890)
CVE-2017-5407: Pixel and history stealing via floating-point
timing side channel with SVG filters (bmo#1336622)
CVE-2017-5410: Memory corruption during JavaScript garbage
collection incremental sweeping (bmo#1330687)
CVE-2017-5408: Cross-origin reading of video captions in violation
of CORS (bmo#1313711)
- Created by wrosenauer
- In state superseded
- Supersedes 477659
- Superseded by 481063
- Open review for openSUSE:Factory:Staging:J
Hello! Tell me please, is Firefox 52 really removed ALSA support and it should now be used via apulse or pa? If so, is there an option to make a patch that returns it? Or, at least, do so that Firefox does not require pa if apulse is installed.
In this build firefox don't supported ALSA! For enable ALSA support need add "ac_add_options --enable-alsa".
Request History
wrosenauer created request
- reenable ALSA support which was removed by default upstream
- update to Firefox 52.0 (boo#1028391)
* requires NSS >= 3.28.3
* Pages containing insecure password fields now display a warning
directly within username and password fields.
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight,
Java, Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by
trackers
* MFSA 2017-05
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
(bmo#1334933)
CVE-2017-5401: Memory Corruption when handling ErrorResult
(bmo#1328861)
CVE-2017-5402: Use-after-free working with events in FontFace
objects (bmo#1334876)
CVE-2017-5403: Use-after-free using addRange to add range to an
incorrect root object (bmo#1340186)
CVE-2017-5404: Use-after-free working with ranges in selections
(bmo#1340138)
CVE-2017-5406: Segmentation fault in Skia with canvas operations
(bmo#1306890)
CVE-2017-5407: Pixel and history stealing via floating-point
timing side channel with SVG filters (bmo#1336622)
CVE-2017-5410: Memory corruption during JavaScript garbage
collection incremental sweeping (bmo#1330687)
CVE-2017-5408: Cross-origin reading of video captions in violation
of CORS (bmo#1313711)
licensedigger accepted review
ok
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added factory-repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
factory-repo-checker reopened review
MozillaFirefox is still building for repository openSUSE_Factory
factory-repo-checker accepted review
Builds for repo mozilla:Factory/openSUSE_Factory
jberry_factory set openSUSE:Factory:Staging:I as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:I"
jberry_factory accepted review
Picked openSUSE:Factory:Staging:I
dimstar accepted review
dimstar_suse accepted review
Removing from openSUSE:Factory:Staging:I, re-evaluation needed
dimstar_suse approved review
Removing from openSUSE:Factory:Staging:I, re-evaluation needed
dimstar_suse added factory-staging as a reviewer
Requesting new staging review
dimstar_suse set openSUSE:Factory:Staging:J as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:J"
dimstar_suse accepted review
Picked openSUSE:Factory:Staging:J
superseded by 481063
We need a smaller staging here - as we need to get cargo and rust into the rings now
https://bugzilla.opensuse.org/show_bug.cgi?id=1029288
We need cargo and rust for ppc64le
Cargo fix is in Staging:J - bootstrapping has been handled via aggregates for now; repo is building for x86_64 and ppc64le
Buhuu - now we have rust available for ppc64le - and Firefox fails to build:
https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:J:DVD/MozillaFirefox/standard/ppc64le
Bummer. I can look at it but it might take a bit. What is your proposal? Should we disable rust to get the new version into TW sooner so there is time to solve outstanding issues?
I'd say it depends on the severity of the security fixes vs the time required to get this sorted
The issues around bootstrapping rust has been solved in all major archs for openSUSE (i586,x86_64,ppc64le,aarch64,s390x) - so currently this request is really just blocked on the fact that it fails to build on ppc64le
I'm not sure I understand the issue correctly. This is something which should be fixed in rustc or Firefox?