Mozilla has released Firefox 52.6 on January 19: https://www.mozilla.org/en-US/firefox/52.6.0/releasenotes/ As of this posting, those release notes haven't been posted yet and neither have the security issues fixed: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ We also have an update to nspr 4.18, rootcerts 20180104, and nss rebuilds for the rootcerts update (Cauldron-only update to 3.35). I need sysadmins to submit packages for Mageia 5. They should be submitted in stages, waiting for each stage to finish before pushing the next: - nspr, rootcerts - nss - firefox - firefox-l10n
Whiteboard: (none) => MGA5TOO
Builds in progress for Mageia 6. Updated packages in core/updates_testing: ======================== libnspr4-4.18-1.mga6 libnspr-devel-4.18-1.mga6 rootcerts-20180104.00-1.mga6 rootcerts-java-20180104.00-1.mga6 nss-3.28.6-1.3.mga6 nss-doc-3.28.6-1.3.mga6 libnss3-3.28.6-1.3.mga6 libnss-devel-3.28.6-1.3.mga6 libnss-static-devel-3.28.6-1.3.mga6 firefox-52.6.0-1.mga6 firefox-devel-52.6.0-1.mga6 firefox-af-52.6.0-1.mga6 firefox-an-52.6.0-1.mga6 firefox-ar-52.6.0-1.mga6 firefox-as-52.6.0-1.mga6 firefox-ast-52.6.0-1.mga6 firefox-az-52.6.0-1.mga6 firefox-bg-52.6.0-1.mga6 firefox-bn_IN-52.6.0-1.mga6 firefox-bn_BD-52.6.0-1.mga6 firefox-br-52.6.0-1.mga6 firefox-bs-52.6.0-1.mga6 firefox-ca-52.6.0-1.mga6 firefox-cs-52.6.0-1.mga6 firefox-cy-52.6.0-1.mga6 firefox-da-52.6.0-1.mga6 firefox-de-52.6.0-1.mga6 firefox-el-52.6.0-1.mga6 firefox-en_GB-52.6.0-1.mga6 firefox-en_US-52.6.0-1.mga6 firefox-en_ZA-52.6.0-1.mga6 firefox-eo-52.6.0-1.mga6 firefox-es_AR-52.6.0-1.mga6 firefox-es_CL-52.6.0-1.mga6 firefox-es_ES-52.6.0-1.mga6 firefox-es_MX-52.6.0-1.mga6 firefox-et-52.6.0-1.mga6 firefox-eu-52.6.0-1.mga6 firefox-fa-52.6.0-1.mga6 firefox-ff-52.6.0-1.mga6 firefox-fi-52.6.0-1.mga6 firefox-fr-52.6.0-1.mga6 firefox-fy_NL-52.6.0-1.mga6 firefox-ga_IE-52.6.0-1.mga6 firefox-gd-52.6.0-1.mga6 firefox-gl-52.6.0-1.mga6 firefox-gu_IN-52.6.0-1.mga6 firefox-he-52.6.0-1.mga6 firefox-hi_IN-52.6.0-1.mga6 firefox-hr-52.6.0-1.mga6 firefox-hsb-52.6.0-1.mga6 firefox-hu-52.6.0-1.mga6 firefox-hy_AM-52.6.0-1.mga6 firefox-id-52.6.0-1.mga6 firefox-is-52.6.0-1.mga6 firefox-it-52.6.0-1.mga6 firefox-ja-52.6.0-1.mga6 firefox-kk-52.6.0-1.mga6 firefox-km-52.6.0-1.mga6 firefox-kn-52.6.0-1.mga6 firefox-ko-52.6.0-1.mga6 firefox-lij-52.6.0-1.mga6 firefox-lt-52.6.0-1.mga6 firefox-lv-52.6.0-1.mga6 firefox-mai-52.6.0-1.mga6 firefox-mk-52.6.0-1.mga6 firefox-ml-52.6.0-1.mga6 firefox-mr-52.6.0-1.mga6 firefox-ms-52.6.0-1.mga6 firefox-nb_NO-52.6.0-1.mga6 firefox-nl-52.6.0-1.mga6 firefox-nn_NO-52.6.0-1.mga6 firefox-or-52.6.0-1.mga6 firefox-pa_IN-52.6.0-1.mga6 firefox-pl-52.6.0-1.mga6 firefox-pt_BR-52.6.0-1.mga6 firefox-pt_PT-52.6.0-1.mga6 firefox-ro-52.6.0-1.mga6 firefox-ru-52.6.0-1.mga6 firefox-si-52.6.0-1.mga6 firefox-sk-52.6.0-1.mga6 firefox-sl-52.6.0-1.mga6 firefox-sq-52.6.0-1.mga6 firefox-sr-52.6.0-1.mga6 firefox-sv_SE-52.6.0-1.mga6 firefox-ta-52.6.0-1.mga6 firefox-te-52.6.0-1.mga6 firefox-th-52.6.0-1.mga6 firefox-tr-52.6.0-1.mga6 firefox-uk-52.6.0-1.mga6 firefox-uz-52.6.0-1.mga6 firefox-vi-52.6.0-1.mga6 firefox-xh-52.6.0-1.mga6 firefox-zh_CN-52.6.0-1.mga6 firefox-zh_TW-52.6.0-1.mga6 from SRPMS: nspr-4.18-1.mga6.src.rpm rootcerts-20180104.00-1.mga6.src.rpm nss-3.28.6-1.3.mga6.src.rpm firefox-52.6.0-1.mga6.src.rpm firefox-l10n-52.6.0-1.mga6.src.rpm
Blocks: (none) => 22434
Mageia 5 moved to Bug 22434. QA can begin testing the Mageia 6 packages now. Advisory to come later.
Assignee: sysadmin-bugs => qa-bugsWhiteboard: MGA5TOO => (none)
Seems to work ok here on x86_64
CC: (none) => tmb
$ uname -a Linux localhost 4.14.13-desktop-1.mga6 #1 SMP Wed Jan 10 12:48:53 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux This is a gnome instance The following 10 packages are going to be installed: - firefox-52.6.0-1.mga6.x86_64 - firefox-en_GB-52.6.0-1.mga6.noarch - firefox-en_US-52.6.0-1.mga6.noarch - firefox-en_ZA-52.6.0-1.mga6.noarch - glibc-2.22-27.mga6.x86_64 - glibc-devel-2.22-27.mga6.x86_64 - lib64nspr4-4.18-1.mga6.x86_64 - lib64rpm7-4.13.0.2-3.2.mga6.x86_64 - python3-rpm-4.13.0.2-3.2.mga6.x86_64 - rpm-4.13.0.2-3.2.mga6.x86_64 4.3KB of additional disk space will be used. Installed and rebooted Able to get to Email, play youtube, etc. Working as designed.
CC: (none) => brtians1
This has been running for several days on this 64-bit machine with Mageia 6.
CC: (none) => tarazed25
Running fine on this 64-bit Intel Core2Duo-based machine. Using it now to write this comment. Did a fine job on Facebook.
CC: (none) => andrewsfarm
Extra tests on Mageia 6 with local RPMs. $ rpm -qilp oneplay-dvd-1.1.3-1.x86_64.rpm Name : oneplay-dvd Version : 1.1.3 Release : 1 Architecture: x86_64 Install Date: (not installed) Group : Applications/Internet Size : 26139454 License : Proprietary Signature : (none) Source RPM : oneplay-dvd-1.1.3-1.src.rpm Build Date : Fri 05 Jun 2015 12:27:51 BST Build Host : ubuntu1004-64.vmbuild.lan Relocations : /opt/oneplay-dvd Packager : Fluendo S.A. <support@fluendo.com> Vendor : Fluendo S.A. URL : http://www.fluendo.com/ Summary : ONEPLAY DVD player Description : Fluendo DVD Player is a software application specially designed to reproduce DVD on Linux/Unix platforms, which provides end users with high quality standards. * Full DVD Playback * DVD Menu support ..................................... $ sudo rpm -i mplayer-skins-1.8-1.nodist.rf.noarch.rpm seemed to go OK. mga6 tkimg package already installed so this was expected to fail. $ rpm -i --test tkimg-1.4-20.fc21.x86_64.rpm file /usr/lib64/tcl8.6/Img1.4/libjpegtcl8.2.so from install of tkimg-1.4-20.fc21.x86_64 conflicts with file from package tkimg-1.4-7.mga6.x86_64 file /usr/lib64/tcl8.6/Img1.4/libpngtcl1.4.3.so from install of tkimg-1.4-20.fc21.x86_64 conflicts with file from package tkimg-1.4-7.mga6.x86_64 ..................................... OK for 64 bits.
What the ...! Just noticed that this (comment 7) was posted on the wrong bug. Apologies.
Installed on real hardware, Athlon X2 7750, 8GB, nvidia340, Atheros wifi, 64-bit Plasma and server kernel. Looks good here.
Same hardware as Comment 9, this time a 32-bit Xfce system, server kernel. Still looks good.
RedHat has issued an advisory for this today (January 24): https://access.redhat.com/errata/RHSA-2018:0122 Advisory: ======================== Updated firefox packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117). To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", the resolution of performance.now() has been reduced from 5μs to 20μs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117 https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://access.redhat.com/errata/RHSA-2018:0122
Installed and tested without regressions. Tested multiple websites, including WebGL, flash, video/audio sites. Installed packages: - firefox-52.6.0-1.mga6.x86_64 - firefox-pt_PT-52.6.0-1.mga6.noarch - lib64nspr-devel-4.18-1.mga6.x86_64 - lib64nspr4-4.18-1.mga6.x86_64 - lib64nss-devel-3.28.6-1.3.mga6.x86_64 - lib64nss3-3.28.6-1.3.mga6.x86_64 - nss-3.28.6-1.3.mga6.x86_64 - rootcerts-20180104.00-1.mga6.noarch - rootcerts-java-20180104.00-1.mga6.noarch System: Mageia 6, x86_64, Plasma DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver. $ uname -a Linux marte 4.14.13-desktop-1.mga6 #1 SMP Wed Jan 10 12:48:53 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
CC: (none) => mageia
Testing M6/64 Real hardware with Radeon graphics. lib64nspr4-4.18-1.mga6 rootcerts-20180104.00-1.mga6 rootcerts-java-20180104.00-1.mga6 nss-3.28.6-1.3.mga6 lib64nss3-3.28.6-1.3.mga6 firefox-52.6.0-1.mga6 firefox-cy-52.6.0-1.mga6 firefox-en_GB-52.6.0-1.mga6 Have used this for Bugzilla, BBC site including videos with sound, others not simple. Everything behaved well. Indeed, I wonder whether the awful hesitations of the previous version have gone; which made it almost unusable. I have AdblockPlus, which may be the problem. No - they are still here, but much less evident. OK for me. In the light of all the +ve feedback for both architectures (tnaks TJ for the 32-bit), I am OKing them & validating the update.
Whiteboard: (none) => MGA6-64-OK MGA6-32-OKKeywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0097.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
This version still not put valid information in the lines id= and version= in the file /usr/lib/firefox/distribution/distribution.ini (/usr/lib64/firefox/distribution/distribution.ini for 64 bit systems) https://bugs.mageia.org/show_bug.cgi?id=20617
CC: (none) => j.alberto.vc