Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

firefox: 72.0.3 -> 73.0 #79786

Merged
merged 7 commits into from Feb 12, 2020
Merged

firefox: 72.0.3 -> 73.0 #79786

merged 7 commits into from Feb 12, 2020

Conversation

andir
Copy link
Member

@andir andir commented Feb 11, 2020
edited by worldofpeace

Motivation for this change

Update to latest Firefox release.

The NSS update is a huge rebuild in here thus this should only go in if it has serious security fixes or #79784 has gone through the staging cycle.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@ofborg ofborg bot requested review from edolstra and jtojnar February 11, 2020 02:42
@veprbl veprbl added this to WIP in Staging via automation Feb 11, 2020
@veprbl veprbl removed this from WIP in Staging Feb 11, 2020
@FRidh FRidh added this to WIP in Staging via automation Feb 11, 2020
@tokudan
Copy link
Contributor

tokudan commented Feb 11, 2020

The security advisories lists severall high issues: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/
"This could have caused memory corruption and a potentially exploitable crash."
"Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

@andir andir merged commit 5a00198 into NixOS:master Feb 12, 2020
Staging automation moved this from WIP to Done Feb 12, 2020
@andir andir mentioned this pull request Feb 12, 2020
Merged
10 tasks
@vcunat
Copy link
Member

vcunat commented Feb 12, 2020

This broke for me:

building '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv'...
unpacking sources
unpacking source archive /nix/store/gdb2p0a6hzsfha5ldmzqq132dvq5ipxs-source
source root is source
patching sources
installing
    Updating crates.io index
error: failed to sync

Caused by:
  failed to load pkg lockfile

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  invalid version 3 on git_proxy_options; class=Invalid (3)
Traceback (most recent call last):
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 42, in <module>
    main()
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 17, in main
    assert list(data.keys()) == ["source"]
AssertionError
builder for '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed with exit code 1
error: build of '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed

@andir
Copy link
Member Author

andir commented Feb 12, 2020

This broke for me:

building '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv'...
unpacking sources
unpacking source archive /nix/store/gdb2p0a6hzsfha5ldmzqq132dvq5ipxs-source
source root is source
patching sources
installing
    Updating crates.io index
error: failed to sync

Caused by:
  failed to load pkg lockfile

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  invalid version 3 on git_proxy_options; class=Invalid (3)
Traceback (most recent call last):
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 42, in <module>
    main()
  File "/nix/store/nsy69si6h3raghb7n3pw7kfh9skvw6v3-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 17, in main
    assert list(data.keys()) == ["source"]
AssertionError
builder for '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed with exit code 1
error: build of '/nix/store/h35i43fbbrabscbicnqd0idlnjpwbbla-rust-cbindgen-0.13.1-vendor.drv' failed

Yeah, look at #79930, I had that path still cached locally from before the last staging merge thus not realizing this until it hit master :/

dtzWill pushed a commit to dtzWill/nixpkgs that referenced this pull request Feb 12, 2020
@andir @dtzWill
Merge pull request NixOS#79786 from andir/firefox73
1c5b20c 
firefox: 72.0.3 -> 73.0
(cherry picked from commit 5a00198)
@andir andir mentioned this pull request Feb 17, 2020
Merged
10 tasks
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/firefox-not-up-to-date/5941/2

vcunat added a commit that referenced this pull request Feb 22, 2020
@vcunat
release-combined: readd firefox-esr test
de4f68d 
It was added in PR #79786 (7a625e7) and then removed in commit 2de3caf
(apparently unintentionally as a rebase conflict).

_I think the ordering used by Eelco would sort the line this way._
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@worldofpeace worldofpeace worldofpeace left review comments

@edolstra edolstra Awaiting requested review from edolstra

@jtojnar jtojnar Awaiting requested review from jtojnar

Assignees
No one assigned
Labels
6.topic: nixos 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 11.by: package-maintainer
Projects
Staging
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@andir @tokudan @vcunat @nixos-discourse @worldofpeace