[20.03] update firefox to latests stable (secure) release #84248
+1,404
−1,167
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a backport to support building stable firefox version on the stable release channel. Firefox has some very strict requirements on it's dependencies. Since we do not want to use bundled versions of dependencies this backport is required fore Firefox >=74.
This is a backport to support building stable firefox version on the stable release channel. Firefox has some very strict requirements on it's dependencies. Since we do not want to use bundled versions of dependencies this backport is required fore Firefox >=74.
|
Given that the security issues in older versions of Firefox are already exploited in the wild (See https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/ ), updating Firefox seems rather urgent. |
|
Just tried out firefox-wayland 74.0.1 without issues. |
|
It built for aarch64, I am not setup to quickly test the build, but it's highly unlikely it would fail to run. If it does, it will require enough work that it will slow down the release of this fix. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
Now that we are approaching the 20.03 release it is probably time to either update the Firefox expression (this PR) or mark it as insecure. (https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/)
With 19.09 I started taking an alterantve approach at keeping stable firefox builds available on the stable branch. The challenge here is to keep the dependencies updated. Back in the days (before it required rustc) we occasionally just bumped the dependencies in the stable branch (through a staging cycle). That has show to be rather high impact. Especially the python packages do not seem to like that. (Random OpenSSL, sqlite, … issues)
For 20.03 I volunteer to do the same as for 19.09 and just maintain a bunch of additional attributes for all the dependencies that are required for Firefox. It is mostly tedious (time consuming) work but that has shown to be worth it. If we intend to change that we should put that in writing and have a clearly defined strategy for newer releases.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)cc @NixOS/nixos-release-managers
cc @samueldr can you try this build on a real aarch64 device? I still haven't gotten any of those that I ordered -.-