Bug 32706

Summary:	Firefox 115.8
Product:	Mageia	Reporter:	Marja Van Waes <marja11>
Component:	Security	Assignee:	Nicolas Salguero <nicolas.salguero>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	critical
Priority:	Normal	CC:	andrewsfarm, brtians1, fri, joselp, marja11, qa-bugs, security, sysadmin-bugs, yvesbrungard
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	rootcerts, nss, firefox, firefox-l10n	CVE:	CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
Status comment:
Bug Depends on:	32762
Bug Blocks:

Description Marja Van Waes 2024-01-08 23:14:51 CET

+++ This bug was initially created as a clone of Bug #32642 +++

Mozilla has released Firefox 115.6 on December 19:
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/

Firefox 115.6 is being tested for Mageia 9, but won't build with python 3.12 in cauldron. See bug#32642, comment#12

Comment 1 Marja Van Waes 2024-01-08 23:24:11 CET

nss-3.96.1-1.mga10 did build, though.

Source RPM: nss firefox firefox-l10n => firefox firefox-l10n

Comment 2 Lewis Smith 2024-01-09 19:44:42 CET

Another one for NicolasS who routinely looks after Firefox.

CC: nicolas.salguero => (none)
Assignee: bugsquad => nicolas.salguero
Whiteboard: (none) => MGA9TOO

Comment 3 Marja Van Waes 2024-01-09 20:39:36 CET

@ Nicolas,

In case you didn't see or receive this mail about Firefox from papoteur:
https://ml.mageia.org/l/arc/dev/2024-01/msg00037.html

It says:

____________________________________________________________

@ns80

I see that the build fails because of imp module not found.

You can replace

import imp

with

import importlib as imp

_____________________________________________________________

Comment 4 papoteur 2024-01-10 11:00:15 CET

(In reply to Marja Van Waes from comment #3)
> @ Nicolas,
> 
> In case you didn't see or receive this mail about Firefox from papoteur:
> https://ml.mageia.org/l/arc/dev/2024-01/msg00037.html
> 
> It says:
> 
> ____________________________________________________________
> 
> @ns80
> 
> I see that the build fails because of imp module not found.
> 
> You can replace
> 
> import imp
> 
> with
> 
> import importlib as imp
> 
> _____________________________________________________________

This is not a tested solution and could be not enough, as importlib is not a one to one substitute to imp.
I found a start of port in their bugzilla, but it is not finished nor merged.
It seems there is a tracker: https://bugzilla.mozilla.org/show_bug.cgi?id=1857515

Comment 5 Morgan Leijström 2024-01-10 17:07:47 CET

Bug for mga9 Firefox is separate Bug 32642
- so Cauldron issues do not hinder the security update for our users.

Whiteboard: MGA9TOO => (none)

Comment 6 Nicolas Salguero 2024-01-24 10:30:07 CET

Mozilla has released Firefox 115.7 on January 23:
https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/

NSS 3.97 seems to have been released on January 22.

Source RPM: firefox firefox-l10n => nss firefox firefox-l10n
Summary: Firefox 115.6 => Firefox 115.7
Depends on: (none) => 32762

Comment 7 Nicolas Salguero 2024-02-21 09:07:51 CET

Mozilla has released Firefox 115.8 on February 20:
https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/

There is also new versions of rootcerts and NSS (3.98, which fixes CVE-2023-5388):
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_98.html

Summary: Firefox 115.7 => Firefox 115.8
Source RPM: nss firefox firefox-l10n => rootcerts, nss, firefox, firefox-l10n

Comment 8 Nicolas Salguero 2024-03-01 21:46:39 CET

The build problem with python 3.12 is solved in version 115.8.0.

Resolution: (none) => FIXED
Status: NEW => RESOLVED