#18110 closed enhancement (fixed)
js firefox 102.12.0
| Reported by: | Douglas R. Reno | Owned by: | |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor versions
Change History (16)
follow-up: 2 comment:1 by , 3 years ago
comment:2 by , 3 years ago
Replying to ken@…:
I'm surprised this has appeared now, the release is a few days away. currently candidate build 1 which seems to match how previous rleeases have appeared.
I'm currently build-testing https://phabricator.services.mozilla.com/D179683 which has 'Co-authored-by: Douglas R. Reno <renodr@…>' in the commit. This is waiting for review, not sure if they will create a second candidate.
I'm surprised that it got picked up now as well, might be something odd with the currency script. Let's see what tonight's script run returns - if it still shows up, let's bring it back up to Bruce when he's back early next week.
Hahaha I'm glad to see Mozilla finally nabbed the patch that I sent them (on March 19th!) That was fun to work on :)
That one should resolve the "not a valid Ident" errors when building Firefox. It's due to LLVM changing how it reports anonymous items if I recall correctly.
comment:3 by , 3 years ago
It looks like they grabbed it from the patch you linked in your bug report (which is identical to the one I sent them back in March) :)
comment:4 by , 3 years ago
Unfortunately, I was mistaken about the gcc13 fixes being included - I must have been looking at ff114. Retrying.
Unsure if your patch will make it into 102.12.0. If not, at least we know what to use. For the gcc13 part we could either just remove part 1 or 3 of the consolidated patch, or reinstate the sed. I'm inclined to reduce the consolidated patch.
follow-up: 6 comment:5 by , 3 years ago
I'll try to make a patch to build Firefox-102.12.0 with Rustc-1.70.0.
comment:6 by , 3 years ago
Replying to Xi Ruoyao:
I'll try to make a patch to build Firefox-102.12.0 with Rustc-1.70.0.
Thanks. I will repeat my past comment about updating to the latest rust often putting us on the bleeding edge. The next long-term (esr) firefox will be ff115 and the expectation is that thunderbird will follow.
According to https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html it is expected that 115 will be built with rust-1.69.0.
follow-up: 8 comment:7 by , 3 years ago
Hmm, it looks like the upstream has updated third_party/rust/bindgen/src/codegen/mod.rs (for LLVM 16) w/o updating .cargo-checksum.json. Won't it cause a build failure?
comment:8 by , 3 years ago
Replying to Xi Ruoyao:
Hmm, it looks like the upstream has updated
third_party/rust/bindgen/src/codegen/mod.rs(for LLVM 16) w/o updating.cargo-checksum.json. Won't it cause a build failure?
Alright, they added some magic into Cargo.lock and Cargo.toml to suppress the checksum calculation, I guess. Then we should be able to drop the checksum part in our downstream patch too.
comment:9 by , 3 years ago
The patch is now https://www.linuxfromscratch.org/patches/downloads/firefox/firefox-102.12.0-consolidated-1.patch. I've built FF 102.12.0 with it and Rustc-1.70.0 + LLVM-16.0.5 and I can use it to view some websites.
I'll check how things go on with TB now...
comment:10 by , 3 years ago
For the little it is worth, it seems that firefox-102.12.0 appeared on 31st May - I must have forgotten to reload the page of releases on my other two machines. Matches the sole candidate.
Very strange, because 114.0 has not yet appeared and no release notes.
comment:11 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Firefox builds ok with both rustc-1.69.0 and 1.70.0, each using the updated patch. The build with 1.70.0 uses marginally less space (same install size), both round to 19 SBU.
JS does not need a patch, took 1.8 SBU with both versions of rustc, same space measurements and test results as are in the book.
Waiting for the release notes. I see a couple of minor changes in JS, but AFAICS they are not pulled into our JS build.
comment:12 by , 3 years ago
| Priority: | normal → elevated |
|---|
Two CVEs, both rated High. https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/
CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
comment:15 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
I'm surprised this has appeared now, the release is a few days away. currently candidate build 1 which seems to match how previous rleeases have appeared.
I'm currently build-testing https://phabricator.services.mozilla.com/D179683 which has 'Co-authored-by: Douglas R. Reno <renodr@…>' in the commit. This is waiting for review, not sure if they will create a second candidate.