Mozilla has released Firefox 60.6 today (March 19): https://www.mozilla.org/en-US/firefox/60.6.0/releasenotes/ Information for this Firefox update isn't available yet. Update in progress. Updated packages in core/updates_testing: ======================== libnspr4-4.21-1.mga6 libnspr-devel-4.21-1.mga6 rootcerts-20190306.00-1.mga6 rootcerts-java-20190306.00-1.mga6 nss-3.36.7-1.1.mga6 nss-doc-3.36.7-1.1.mga6 libnss3-3.36.7-1.1.mga6 libnss-devel-3.36.7-1.1.mga6 libnss-static-devel-3.36.7-1.1.mga6 firefox-60.6.0-1.mga6 firefox-devel-60.6.0-1.mga6 firefox-af-60.6.0-1.mga6 firefox-an-60.6.0-1.mga6 firefox-ar-60.6.0-1.mga6 firefox-as-60.6.0-1.mga6 firefox-ast-60.6.0-1.mga6 firefox-az-60.6.0-1.mga6 firefox-bg-60.6.0-1.mga6 firefox-bn_IN-60.6.0-1.mga6 firefox-bn_BD-60.6.0-1.mga6 firefox-br-60.6.0-1.mga6 firefox-bs-60.6.0-1.mga6 firefox-ca-60.6.0-1.mga6 firefox-cs-60.6.0-1.mga6 firefox-cy-60.6.0-1.mga6 firefox-da-60.6.0-1.mga6 firefox-de-60.6.0-1.mga6 firefox-el-60.6.0-1.mga6 firefox-en_GB-60.6.0-1.mga6 firefox-en_US-60.6.0-1.mga6 firefox-en_ZA-60.6.0-1.mga6 firefox-eo-60.6.0-1.mga6 firefox-es_AR-60.6.0-1.mga6 firefox-es_CL-60.6.0-1.mga6 firefox-es_ES-60.6.0-1.mga6 firefox-es_MX-60.6.0-1.mga6 firefox-et-60.6.0-1.mga6 firefox-eu-60.6.0-1.mga6 firefox-fa-60.6.0-1.mga6 firefox-ff-60.6.0-1.mga6 firefox-fi-60.6.0-1.mga6 firefox-fr-60.6.0-1.mga6 firefox-fy_NL-60.6.0-1.mga6 firefox-ga_IE-60.6.0-1.mga6 firefox-gd-60.6.0-1.mga6 firefox-gl-60.6.0-1.mga6 firefox-gu_IN-60.6.0-1.mga6 firefox-he-60.6.0-1.mga6 firefox-hi_IN-60.6.0-1.mga6 firefox-hr-60.6.0-1.mga6 firefox-hsb-60.6.0-1.mga6 firefox-hu-60.6.0-1.mga6 firefox-hy_AM-60.6.0-1.mga6 firefox-id-60.6.0-1.mga6 firefox-is-60.6.0-1.mga6 firefox-it-60.6.0-1.mga6 firefox-ja-60.6.0-1.mga6 firefox-kk-60.6.0-1.mga6 firefox-km-60.6.0-1.mga6 firefox-kn-60.6.0-1.mga6 firefox-ko-60.6.0-1.mga6 firefox-lij-60.6.0-1.mga6 firefox-lt-60.6.0-1.mga6 firefox-lv-60.6.0-1.mga6 firefox-mai-60.6.0-1.mga6 firefox-mk-60.6.0-1.mga6 firefox-ml-60.6.0-1.mga6 firefox-mr-60.6.0-1.mga6 firefox-ms-60.6.0-1.mga6 firefox-nb_NO-60.6.0-1.mga6 firefox-nl-60.6.0-1.mga6 firefox-nn_NO-60.6.0-1.mga6 firefox-or-60.6.0-1.mga6 firefox-pa_IN-60.6.0-1.mga6 firefox-pl-60.6.0-1.mga6 firefox-pt_BR-60.6.0-1.mga6 firefox-pt_PT-60.6.0-1.mga6 firefox-ro-60.6.0-1.mga6 firefox-ru-60.6.0-1.mga6 firefox-si-60.6.0-1.mga6 firefox-sk-60.6.0-1.mga6 firefox-sl-60.6.0-1.mga6 firefox-sq-60.6.0-1.mga6 firefox-sr-60.6.0-1.mga6 firefox-sv_SE-60.6.0-1.mga6 firefox-ta-60.6.0-1.mga6 firefox-te-60.6.0-1.mga6 firefox-th-60.6.0-1.mga6 firefox-tr-60.6.0-1.mga6 firefox-uk-60.6.0-1.mga6 firefox-uz-60.6.0-1.mga6 firefox-vi-60.6.0-1.mga6 firefox-xh-60.6.0-1.mga6 firefox-zh_CN-60.6.0-1.mga6 firefox-zh_TW-60.6.0-1.mga6 from SRPMS: nspr-4.21-1.mga6.src.rpm rootcerts-20190306.00-1.mga6.src.rpm nss-3.36.7-1.1.mga6.src.rpm firefox-60.6.0-1.mga6.src.rpm firefox-l10n-60.6.0-1.mga6.src.rpm
Firefox build failed: http://pkgsubmit.mageia.org/uploads/failure/6/core/updates_testing/20190319121625.luigiwalser.duvel.35403/log/firefox-60.6.0-1.mga6/build.0.20190319121711.log with: 0:03.48 mozbuild.configure.options.InvalidOptionError: Unknown option: --with-google-api-keyfile
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing two of our great FF security fixers :-)
CC: (none) => marja11, mrambo, nicolas.salgueroAssignee: bugsquad => pkg-bugs
For the record, I assigned for help with this: (In reply to David Walser from comment #1) > Firefox build failed: > http://pkgsubmit.mageia.org/uploads/failure/6/core/updates_testing/ > 20190319121625.luigiwalser.duvel.35403/log/firefox-60.6.0-1.mga6/build.0. > 20190319121711.log > > with: > 0:03.48 mozbuild.configure.options.InvalidOptionError: Unknown option: > --with-google-api-keyfile
Hi, According to https://forum.manjaro.org/t/out-of-band-update-2019-03-18-firefox-66-0/79554/2, the option "--with-google-api-keyfile" was replaced by two other options: "--with-google-location-service-api-keyfile" and "--with-google-safebrowsing-api-keyfile" in Firefox 66. Maybe for Firefox ESR 60.6, this change also applies. Best regards, Nico.
Nicolas changed the release tag (we should be able to re-push ARM without doing that, with sysadmin help) for firefox, so now it's: firefox-60.6.0-2.mga6 firefox-devel-60.6.0-2.mga6 from firefox-60.6.0-2.mga6.src.rpm firefox-l10n is building now, so everything should be available soon. Release notes and security advisories have been posted. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796 https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
Assignee: pkg-bugs => qa-bugs
RedHat has issued an advisory for this today (March 20): https://access.redhat.com/errata/RHSA-2019:0622 Advisory: ======================== Updated firefox packages fix security vulnerabilities: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506). Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788). Use-after-free when removing in-use DOM elements (CVE-2019-9790). Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791). IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792). Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793). Type-confusion in IonMonkey JIT compiler (CVE-2019-9795). Use-after-free with SMIL animation controller (CVE-2019-9796). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796 https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ https://access.redhat.com/errata/RHSA-2019:0622
64 bit, plasma, nvidia: Simple tests = it works here; Shut down Firefox, upgraded, restarted, and it reopened all tabs OK, remember cookies etc, video is OK, internet bank OK, i just keep on using it a couple hours counting. Note this system updates all to updates_testing.
CC: (none) => fri
Advisory committed to svn. Testing ok on x86_64 and on i586 under vb. Validating the update.
Whiteboard: (none) => MGA6-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0116.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED