#18110 closed enhancement (fixed)
js firefox 102.12.0
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor versions
Change History (16)
follow-up: 2 comment:1 by , 12 months ago
comment:2 by , 12 months ago
Replying to ken@…:
I'm surprised this has appeared now, the release is a few days away. currently candidate build 1 which seems to match how previous rleeases have appeared.
I'm currently build-testing https://phabricator.services.mozilla.com/D179683 which has 'Co-authored-by: Douglas R. Reno <renodr@…>' in the commit. This is waiting for review, not sure if they will create a second candidate.
I'm surprised that it got picked up now as well, might be something odd with the currency script. Let's see what tonight's script run returns - if it still shows up, let's bring it back up to Bruce when he's back early next week.
Hahaha I'm glad to see Mozilla finally nabbed the patch that I sent them (on March 19th!) That was fun to work on :)
That one should resolve the "not a valid Ident" errors when building Firefox. It's due to LLVM changing how it reports anonymous items if I recall correctly.
comment:3 by , 12 months ago
It looks like they grabbed it from the patch you linked in your bug report (which is identical to the one I sent them back in March) :)
comment:4 by , 12 months ago
Unfortunately, I was mistaken about the gcc13 fixes being included - I must have been looking at ff114. Retrying.
Unsure if your patch will make it into 102.12.0. If not, at least we know what to use. For the gcc13 part we could either just remove part 1 or 3 of the consolidated patch, or reinstate the sed. I'm inclined to reduce the consolidated patch.
follow-up: 6 comment:5 by , 12 months ago
I'll try to make a patch to build Firefox-102.12.0 with Rustc-1.70.0.
comment:6 by , 12 months ago
Replying to Xi Ruoyao:
I'll try to make a patch to build Firefox-102.12.0 with Rustc-1.70.0.
Thanks. I will repeat my past comment about updating to the latest rust often putting us on the bleeding edge. The next long-term (esr) firefox will be ff115 and the expectation is that thunderbird will follow.
According to https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html it is expected that 115 will be built with rust-1.69.0.
follow-up: 8 comment:7 by , 12 months ago
Hmm, it looks like the upstream has updated third_party/rust/bindgen/src/codegen/mod.rs (for LLVM 16) w/o updating .cargo-checksum.json. Won't it cause a build failure?
comment:8 by , 12 months ago
Replying to Xi Ruoyao:
Hmm, it looks like the upstream has updated
third_party/rust/bindgen/src/codegen/mod.rs(for LLVM 16) w/o updating.cargo-checksum.json. Won't it cause a build failure?
Alright, they added some magic into Cargo.lock and Cargo.toml to suppress the checksum calculation, I guess. Then we should be able to drop the checksum part in our downstream patch too.
comment:9 by , 12 months ago
The patch is now https://www.linuxfromscratch.org/patches/downloads/firefox/firefox-102.12.0-consolidated-1.patch. I've built FF 102.12.0 with it and Rustc-1.70.0 + LLVM-16.0.5 and I can use it to view some websites.
I'll check how things go on with TB now...
comment:10 by , 12 months ago
For the little it is worth, it seems that firefox-102.12.0 appeared on 31st May - I must have forgotten to reload the page of releases on my other two machines. Matches the sole candidate.
Very strange, because 114.0 has not yet appeared and no release notes.
comment:11 by , 12 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Firefox builds ok with both rustc-1.69.0 and 1.70.0, each using the updated patch. The build with 1.70.0 uses marginally less space (same install size), both round to 19 SBU.
JS does not need a patch, took 1.8 SBU with both versions of rustc, same space measurements and test results as are in the book.
Waiting for the release notes. I see a couple of minor changes in JS, but AFAICS they are not pulled into our JS build.
comment:12 by , 12 months ago
| Priority: | normal → elevated |
|---|
Two CVEs, both rated High. https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
comment:15 by , 12 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
I'm surprised this has appeared now, the release is a few days away. currently candidate build 1 which seems to match how previous rleeases have appeared.
I'm currently build-testing https://phabricator.services.mozilla.com/D179683 which has 'Co-authored-by: Douglas R. Reno <renodr@…>' in the commit. This is waiting for review, not sure if they will create a second candidate.