Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13609 closed enhancement (fixed)

firefox-68.9.0esr

Reported by: ken@…
Owned by: blfs-book
Priority: normal
Milestone: 10.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

OK, I'm jumping the gun to create the ticket (release due some time on Monday, release notes due Tuesday) so that I can document how builds with gcc and clang compare.

I've seen comments that mozilla don't like clang-10 (slow), but equally gcc-10.1 is arguably slow (extra steps in the compilation). Meanwhile, as of today both Fedora and openSUSE continue to use gcc - and openSUSE are definite that their security guys demand it. In general, clang has lagged behind gcc in security options, but it seems to either be catching up, or at least not barfing on the options. So, how do the two compare?

Building on current LFS/BLFS with candidate 1 on a 4-core machine:

gcc: 21.99 SBU, 4211 MB build, 167 MB installed = 4377 MB

clang: 22.84 SBU, 4137 MB build, 174 MB installed = 4311 MB

So, using current clang produces a marginally smaller build tree with a larger installed binary, and takes longer (+1 SBU when rounded).

Will remeasure when ff78 (the next ESR) comes out at the back end of June (and IFF that doesn't need a newer rust, will update firefox to 78).

Change History (8)

comment:1 by Xi Ruoyao, 4 years ago

js68 built and installed OK but upgrading (installing over 68.8.0) still crashes gnome-shell.

in reply to:  1 comment:2 by ken@…, 4 years ago

Replying to xry111:

js68 built and installed OK but upgrading (installing over 68.8.0) still crashes gnome-shell.

Thanks for that information - I knew it built and DESTDIR'd, but I have no way of running it.

comment:3 by ken@…, 4 years ago

Source is now out. The only obvious change (apart from the toolchain tests adding loads more possible rust targets on newer versions of rust, and the usual set of nsSTSPreloadList.inc changes) is that nss now needs to be at least 3.44.4. Because mozilla don't expect most people to use ESR, they only check for that. We should be using 3.52.1 or later for the similar fixes.

As always, I have no opinion on whether there are any security fixes, so will leave this open until the Release Notes are available.

comment:4 by ken@…, 4 years ago

Versions updated at r23226.

comment:5 by ken@…, 4 years ago

CVE-2020-12405: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9

Reporter: Mozilla developers

Impact: high

Description

Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

The Release Notes also mention CVE-2020-12399: Timing attack on DSA signatures in NSS library, but for our purposes that was already fixed in the nss update.

comment:6 by ken@…, 4 years ago

Resolution: fixed
Status: new → closed

comment:7 by Bruce Dubbs, 4 years ago

Milestone: 9.2 → 10,0

Milestone renamed

comment:8 by Bruce Dubbs, 4 years ago

Milestone: 10,0 → 10.0

Milestone renamed
