Opened 3 years ago
Closed 3 years ago
#15369 closed enhancement (fixed)
firefox-91.0esr
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Now available, release notes expected in about 24 hours.
Note that ftp links are no-longer supported, and the outline of the current tab is less prominent than in 78.
Change History (14)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
follow-up: 4 comment:2 by , 3 years ago
follow-up: 6 comment:3 by , 3 years ago
It builds on most of my recent systems (back to 10.1), but on one of those where I had earlier built 91.0b8 it failed and I could neither rebuild 91.0b8 nor any of the release candidates. Gave up on that, newer systems were fine. Today I tried to update an old 10.0 system, got the same error:
/scratch/working/firefox-91.0/firefox-build-dir/_virtualenvs/common/bin/python -m mozbuild.action.check_binary --target --networking /scratch/working/firefox-91.0/firefox-build-dir/x86_64-unknown-linux-gnu/release/libgkrust.a 21:24.27 TEST-UNEXPECTED-FAIL | check_networking | libgkrust.a | Identified 1 networking function(s) being imported in the rust static library (getsockname) 21:24.27 make[4]: *** [/scratch/working/firefox-91.0/config/makefiles/rust.mk:418: /scratch/working/firefox-91.0/firefox-build-dir/x86_64-unknown-linux-gnu/release/libgkrust.a] Error 1
No idea what causes this.
follow-up: 11 comment:4 by , 3 years ago
Replying to Bruce Dubbs:
Not supporting ftp is a big mistake in my opinion. I, for one, ill not be upgrading on my workstation.
Unfortunately, it looks like all the other major browsers have removed it too. The only browser in the book that *might* open FTP links is Epiphany, and even then, I don't know how long that will last.
Chrome 88 removed support for FTP entirely from the browser. That impacts QtWebEngine/Falkon as well.
Seamonkey might be the only one left here soon for FTP support (unless they update to FF90's rendering engine, and in that case, it'll be gone too).
It's looking like the end for FTP unless people like using Lynx/links
comment:5 by , 3 years ago
People who wish to stick with 78.13.0esr for the moment should follow the instructions in the 10.1 book re how to invoke mach, while noting that the final release of the 78esr series will be 78.15.0 in October.
follow-up: 13 comment:6 by , 3 years ago
Replying to ken@…:
It builds on most of my recent systems (back to 10.1), but on one of those where I had earlier built 91.0b8 it failed and I could neither rebuild 91.0b8 nor any of the release candidates. Gave up on that, newer systems were fine. Today I tried to update an old 10.0 system, got the same error:
/scratch/working/firefox-91.0/firefox-build-dir/_virtualenvs/common/bin/python -m mozbuild.action.check_binary --target --networking /scratch/working/firefox-91.0/firefox-build-dir/x86_64-unknown-linux-gnu/release/libgkrust.a
21:24.27 TEST-UNEXPECTED-FAIL | check_networking | libgkrust.a | Identified 1 networking function(s) being imported in the rust static library (getsockname)
21:24.27 make[4]: * /scratch/working/firefox-91.0/firefox-build-dir/x86_64-unknown-linux-gnu/release/libgkrust.a Error 1
}}}
No idea what causes this.
I've now hit this twice: first on the system from May with updated gcc-11.1.0 where I had been looking at firefox betas and had successfully built 91.0b8, now on one of my BLFS-10.0 systems (gcc-10.2.0), the other is fine. On the May system, due to excessive cleaning up of my local esr script I was initially using clang, but the problem persisted with gcc.
On both my current glibc-2.34 systems 91 builds fine, as it does on three BLFS-10.1 systems and one other recent system with patched gcc-10.1.
comment:7 by , 3 years ago
Starting to wonder if, as a short-term measure, it is worth adding a firefox-legacy page for 78.13.0.
comment:8 by , 3 years ago
| Priority: | normal → elevated |
|---|
Release notes:
First, the changes from 90.0:
Building on Total Cookie Protection, we've added a more comprehensive logic for clearing cookies that prevents hidden data leaks and makes it easy for users to understand which websites are storing local information. Learn more Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more The simplify page when printing feature is back! When printing, under More settings > Format select the Simplified option when available to get a clutter-free page. Learn more HTTPS-First Policy: Firefox Private Browsing windows now attempt to make all connections to websites secure, and fall back to insecure connections only when websites do not support it. Learn more We've added a new locale: Scots (sco) The address bar now provides Switch to Tab results also in Private Browsing windows. Firefox now automatically enables High Contrast Mode when "Increase Contrast" is checked on MacOS Firefox now does catch-up paints for almost all user interactions, enabling a 10-20% improvement in response time to most user interactions.
comment:9 by , 3 years ago
And now the security fixes, these are common to both 78.13 and 91.0
#CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption
Reporter
pahhur
Impact
high
Description
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash.
Note: This issue only affected Linux operating systems. Other operating systems are unaffected.
References
Bug 1696138
#CVE-2021-29988: Memory corruption as a result of incorrect style treatment
Reporter
Irvan Kurniawan
Impact
high
Description
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash.
References
Bug 1717922
#CVE-2021-29984: Incorrect instruction reordering during JIT optimization
Reporter
Lukas Bernhard
Impact
high
Description
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash.
References
Bug 1720031
#CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption
Reporter
Irvan Kurniawan
Impact
high
Description
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.
References
Bug 1722204
#CVE-2021-29985: Use-after-free media channels
Reporter
Marcin 'Icewall' Noga of Cisco Talos
Impact
moderate
Description
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash.
References
Bug 1722083
#CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
Reporter
Mozilla developers and community
Impact
high
Description
Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and Olli Pettay reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
comment:10 by , 3 years ago
On my recent system where I cannot build 91.0, I've given up on that. checked the kernel config (it was 5.13.4) against a current system, only two changes from what works on this box. and both of those are in use on another machine where 91.0 builds ok.
Looked at what packages have been updated since I last successfully built 91.0b8 here - JS78 and firefox with certs, polkit, elogind, node.js for 78.12.0, nss, certs, 78.13.0 for JS78, polkit, elogind. Then I tried latest c-ares, as expected no change. I've now adapted my scripts to let me build 78.13.0 in this case (omit new mach command). I'm now using that (with a new profile - don't want to mess up my newer systems on this box.
I now intend to create a firefox-legacy page for people who are, in the short term, sticking with 78.13.0.
comment:11 by , 3 years ago
Replying to Douglas R. Reno:
Replying to Bruce Dubbs:
Not supporting ftp is a big mistake in my opinion. I, for one, ill not be upgrading on my workstation.
Unfortunately, it looks like all the other major browsers have removed it too. The only browser in the book that *might* open FTP links is Epiphany, and even then, I don't know how long that will last.
Chrome 88 removed support for FTP entirely from the browser. That impacts QtWebEngine/Falkon as well.
Seamonkey might be the only one left here soon for FTP support (unless they update to FF90's rendering engine, and in that case, it'll be gone too).
It's looking like the end for FTP unless people like using Lynx/links
I have successfully built firefox 90.2 on my LFS 10.0 (llvm 11.0.0) based system.
I'll give it a try, after having upgraded to rustc 1.52.0. I'll report success or failure when I'm finished.
Regarding ftp: For me, that's clearly regrettable, but no showstopper. I usually copy ftp links in the clipboard and then download them with curl anyway.
I'm also gonna have a look if there is a nice ftp addon for firefox, that might fill the gap.
comment:12 by , 3 years ago
Book updated in @883e3763504bb709345891b0daf4ed4fe7b07d03 10.1-757.
Security advisories are pending (maybe tomorrow, maybe thursday).
comment:13 by , 3 years ago
Replying to ken@…:
Replying to ken@…:
It builds on most of my recent systems (back to 10.1), but on one of those where I had earlier built 91.0b8 it failed and I could neither rebuild 91.0b8 nor any of the release candidates. Gave up on that, newer systems were fine. Today I tried to update an old 10.0 system, got the same error:
/scratch/working/firefox-91.0/firefox-build-dir/_virtualenvs/common/bin/python -m mozbuild.action.check_binary --target --networking /scratch/working/firefox-91.0/firefox-build-dir/x86_64-unknown-linux-gnu/release/libgkrust.a21:24.27 TEST-UNEXPECTED-FAIL | check_networking | libgkrust.a | Identified 1 networking function(s) being imported in the rust static library (getsockname)
21:24.27 make[4]: * /scratch/working/firefox-91.0/firefox-build-dir/x86_64-unknown-linux-gnu/release/libgkrust.a Error 1
}}}
No idea what causes this.
I've now hit this twice: first on the system from May with updated gcc-11.1.0 where I had been looking at firefox betas and had successfully built 91.0b8, now on one of my BLFS-10.0 systems (gcc-10.2.0), the other is fine. On the May system, due to excessive cleaning up of my local esr script I was initially using clang, but the problem persisted with gcc.
On both my current glibc-2.34 systems 91 builds fine, as it does on three BLFS-10.1 systems and one other recent system with patched gcc-10.1.
I just now successfully built and am running firefox 91.0 on an LFS 10.0 based system. My toolchain is:
- gcc 10.2.0
- binutils 2.35
- llvm 11.0.0
- rustc 1.52.0
Had to upgrade icu to 69.1, but then it went fine.
comment:14 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Security Advisory SA 10.1-089
Not supporting ftp is a big mistake in my opinion. I, for one, ill not be upgrading on my workstation.